Overview

overview

10

Static

static

6

983cd93cee...98.apk

 

983cd93cee...98.apk

android-10-x64

10

983cd93cee...98.apk

android-11-x64

10

Analysis

  • max time kernel
    2458316s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20-12-2023 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    983cd93ceec7451eed08dea0c83b05e9665e8ae0c433b564efcc55657ebc2598.apk

  • Size

    2.2MB

  • MD5

    95cfd5efd2526e4166849004b357effe

  • SHA1

    e57518888c1e20a71cfd9e3fb41f04dc6fd066b7

  • SHA256

    983cd93ceec7451eed08dea0c83b05e9665e8ae0c433b564efcc55657ebc2598

  • SHA512

    d5059df8b04d5b91c2afcddf92f531db82ee7bd65d73273ae6625252605589acd29ffc2b443fe9438e2b9d3ddeb1d63a3c27187f66383e1faf115ad90d0ed032

  • SSDEEP

    49152:iHujnsSVC4tvraZm6dyNJipahpdUvs8W4Vbr+34opM:Q8Np2ZSkarSVWz0

Score
10/10
alienbotcerberusbankerevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://ukalasey2.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus
  • Cerberus payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 8 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • ctsdijqewczjhww.gnsxtstbwrjbrxh.mkypmybqnlsidgxzunmwbekbm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4633

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/ctsdijqewczjhww.gnsxtstbwrjbrxh.mkypmybqnlsidgxzunmwbekbm/app_DynamicOptDex/GXsTi.json
    Filesize

    767KB

    MD5

    2bc89aade90294152d7ea29e36ac48e9

    SHA1

    4d1e4ca7044e97798aa88eb6829e3664dc41628b

    SHA256

    34fe80e5af092d641e11e042f7aec42f9b68231959c113e28c801741c18ce211

    SHA512

    ad0a3b986677910e77e5466f8d5b4eb4255e5ec313283f3dadc22458382971f1416114df51d400a27ff8de0eb6c0a79977ccbe6b665c5fa8c71f7074336914ef

    Download Submit

  • /data/user/0/ctsdijqewczjhww.gnsxtstbwrjbrxh.mkypmybqnlsidgxzunmwbekbm/app_DynamicOptDex/GXsTi.json
    Filesize

    767KB

    MD5

    d4d6d0f4cbfe76d620ced317c2240137

    SHA1

    f62e5ac2e1f388b074907da335979acc4abb2919

    SHA256

    1e968ee9b7a194c662b4fab586c6ed7139101b742b22258b7580012a420483bc

    SHA512

    312c16a82c21d1d2a7e013352d4ffbc039de27f6b680898e2c72e8d9395d9e28a77006d678b99a99649a4abecf089dbb8be304accb9286f1830086b6b32cdbb6

    Download Submit

  • /data/user/0/ctsdijqewczjhww.gnsxtstbwrjbrxh.mkypmybqnlsidgxzunmwbekbm/app_DynamicOptDex/oat/GXsTi.json.cur.prof
    Filesize

    334B

    MD5

    5305d5acc3e924805004f15ad7f5d096

    SHA1

    e9b2ae9cd5db9b6942ff245ae8d7b2e6c623b12a

    SHA256

    e2155ed6418347a4d6c14da4040f4c2f4995b37a11ca3b77245aaa0f22b70e38

    SHA512

    0b1e417535e171c43ad6177a66e6835bde0d3d8fa7bdc158d9b12b5372c45b8273538ae2d9e9bdf4c098e34882bff553d69ef3947bf0039389b1895338c774c2

    Download Submit